Integrity Applications Incorporated (IAI) is an engineering and software development company headquartered in Chantilly, Virginia with offices Nationwide. IAI has been selected as one of the best companies to work for in America by The Great Place to Work Institute. We are always looking for bright, innovative and talented people to join our team of highly skilled professionals. IAI offers challenging work, competitive salaries, an incentive bonus program and excellent health and welfare benefits for you and your family.
IAI seeks a Cybersecurity Analyst to support a Department of Navy client at our Patuxent River, MD location. The Cybersecurity Analyst will work in a collaborative team utilizing Agile process management strategies to accomplish Risk Management Framework (RMF) Assessment and Authorization (A&A) activities for a large portfolio of warfighting and business/IT systems. The Cybersecurity Analyst acts as Information System Security Officer (ISSO) for multiple systems, interfacing between the customer Cyber Team, platform and system administrators, and systems engineers throughout the Risk Management Framework (RMF) Assessment & Authorization (A&A) lifecycle process. The ideal candidate is very detail oriented with strong written and oral communication skills as well as a strong technical background. He/she will be responsible for planning, developing, finalizing, and reviewing key deliverables in each stage of the A&A process. As a result, a strong understanding of standards and requirements outlined by the DoD, NIST, OMB, Navy IATA, and other federal guidelines is required. The Cybersecurity Analyst will be actively engaged in identifying unique system characteristics, interviewing key organizational personnel (technical, administrative, and executive), and working to develop and manage security documentation throughout the system lifecycle in support of DoD and Department of the Navy requirements. This includes, but is not limited to; security categorizations, system security plans, security assessment plans, privacy impact assessments, contingency plans, configuration management plans, incident response plans, Plans of Actions and Milestones, POA&Ms, vulnerability assessment reports, deviation requests, and any other necessary documents to support a system's authority to operate (ATO).
* Plans and executes RMF A&A activities * Participates in daily SCRUM, maintains backlog, and ensures continual state of authorization for systems assigned. * Develops security artifacts and/or standards and policies across systems assigned. * Ensures that all policies reflect current standards in place. * Participates in network and systems design to ensure implementation of appropriate systems security policies. * Assists program managers in drafting cyber-smart contract language. * Monitors compliance and conducts periodic reviews of policies * Travel: normally less than 10% but can be up to 25%
* BA/BS degree in information systems, computer science, or related fields. * 3 years working in the A&A field and at least 2 years information systems, computer science, or related fields (may be concurrent) * Working face-to-face with multiple stakeholders interviewing, planning, or participating in a team effort to bring multiple complex projects to fruition in a highly motivated, fast paced environment. * Development of A&A process documents. Experience with eMASS a plus. * Assess/audit systems to analyze risk and report on identified weaknesses. * Conducting in-depth technical reviews of new and existing systems in order to identify the appropriate mitigation strategies required to bring these systems into compliance with established policy and industry guidelines. * Providing ongoing gap analysis of current policies, practices, and procedures as they relate to established guidelines outlined by DoD, NIST, DON, IATA, etc. * Knowledge of IT security architecture and design (firewalls, Intrusion Detection Systems, Virtual Private Networking, and virus/malware protection technologies - behavioral based a plus). * Knowledge of LAN/WAN design and general internet working technologies. Hands-on experience a plus. * Knowledge of Windows and Linux operating systems. Hands-on experience a plus.
* The Ideal candidate will also have one or more of the following certifications: CISSP, CISM, CEH, CISA, Security+ and/or CAP
Security Clearance Requirements: must have an active Secret clearance
Integrity Applications Incorporated is an Equal Opportunity / Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, disability, protected veteran status or any other factor protected by law.